Monday, January 16, 2006

Hackers and security experts use various custom and open source tools to complete their tasks.

In fact, one of the tools they use you probably use every time you browse the web: the Google Search Engine. I remember the first time I used the Google Search Engine years ago. I was amazed at how quickly it fulfilled my search request.

Google's huge index of systems / information and its ability to perform complex searches have evolved over the years. When we perform security assessments and penetration tests, we regularly use Google to locate information that organizations typically want to keep private and confidential.

Monday, January 02, 2006

Most web applications contain security vulnerabilities. The simple and natural ways of creating a web application are prone to SQL injection attacks and cross-site scripting attacks as well as other less common vulnerabilities. In response, many tools have been developed for detecting or mitigating common web application vulnerabilities. Existing techniques either require effort from the site developer or are prone to false positives. This paper presents a fully automated approach to securely hardening web applications. It is based on precisely tracking taintedness of data and checking specifically for dangerous content only in parts of commands and output that came from untrustworthy sources. Unlike previous work in which everything that is derived from tainted input is tainted, our approach precisely tracks taintedness within data values.
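The idea of tracking taint within a data value, sketched as an added example (not code from the paper or from this blog). `TStr`, `dangerous_tokens`, `build_query`, the keyword list and the simplified SQL lexer are all assumptions made for illustration.

```python
import re

class TStr:
    """String with one taint flag per character (True = untrusted origin)."""
    def __init__(self, text, taint=None):
        self.text = text
        self.taint = list(taint) if taint is not None else [False] * len(text)

    @classmethod
    def untrusted(cls, text):
        return cls(text, [True] * len(text))

    def __add__(self, other):
        other = other if isinstance(other, TStr) else TStr(other)
        return TStr(self.text + other.text, self.taint + other.taint)

    def __radd__(self, other):  # trusted str literal + TStr
        return TStr(other) + self

# Simplified SQL lexer (assumption): quoted literal, number, word, whitespace, symbol.
TOKEN = re.compile(r"'(?:[^']|'')*'|\d+|\w+|\s+|.", re.S)
KEYWORDS = {"select", "from", "where", "or", "and", "union", "drop", "insert", "delete", "update"}

def dangerous_tokens(query):
    """Return tokens where tainted characters act as SQL syntax rather than data."""
    found = []
    for m in TOKEN.finditer(query.text):
        tok, flags = m.group(), query.taint[m.start():m.end()]
        if not any(flags) or tok.isspace() or tok.isdigit():
            continue  # trusted text; tainted whitespace/numbers pass in this simplified policy
        if tok.startswith("'"):
            if flags[0] or flags[-1]:  # a delimiting quote came from input
                found.append(tok)
        elif tok.lower() in KEYWORDS or not (tok[0].isalnum() or tok[0] == "_"):
            found.append(tok)  # tainted keyword or operator/punctuation
    return found

def build_query(name):
    """Constructed sample: trusted template with an untrusted value spliced in."""
    return "SELECT * FROM users WHERE name = '" + TStr.untrusted(name) + "'"

if __name__ == "__main__":
    for value in ("or else", "x' OR '1'='1"):  # constructed inputs
        q = build_query(value)
        print(repr(q.text), "->", dangerous_tokens(q) or "clean")
```

A whole-value taint check would reject both queries because each contains user input; the per-character check accepts `or else`, where the tainted text stays inside a trusted string literal, and rejects only the value whose quotes and keywords alter the query structure.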

About Me

He is involved in Application Security Consulting and establishing App Security across SDLC. He also conducts security workshops for the developer community. Besides interest in App Security, he likes Performance Testing and tuning of web applications.